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REMARKS 



The above amendment and these remarks are responsive to 
the Office action of 17 Jun 2005 by Examiner David Yiuk 
Jung. 

Claims 1-11, 15-17, 24-26, and 30-40 are in the case, 
none as yet allowed. 

The Office Action refers to claims 1-11, 15-27, and 30. 
However, claim 27 was previously canceled, and claims 31-40 
added in the Amendment filed 16 Sep 2 005, 

35 U.S.C. 103 

Claims 1-11, 15-27, and 30. have been rejected under 35 
U.S.C. 103(a) over http://www.sans.org/dosstep/index.php 

("Sans") . 

Applicants cancel without prejudice claims 18-23. 

As noted above, claim 27 was previously canceled, and 
claims 31-40 added. 
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With respect to claim 1, the Examiner refers to Sans 
step 2.2 as teaching, inter alia, "issuing a bit encoded 
login challenge" [Office action, page 2] . Applicants have 
amended independent claims 1, 11, 15, 26, 30 and 31 to more 
precisely describe what is meant by a "bit encoded login 
challenge", as that is described in connection with Figure 
3, as follows: 

Figure 3 illustrates an example of the 
challenge/response method. Figure 3 depicts a bit- 
encoded login challenge question, requiring the user to 
read a question and answer it. In this example, the 
login question is "TO ENTER WEBSITE XYZCO, PLEASE CLICK 
ON THE COW' S TAIL" . The significance of bit encoding 
is that the challenge is not composed of machine 
readable USASCII or EBCDIC text. Rather, it is a 
picture of the text, which an ordinary machine cannot 
understand. A human will have no problem responding 
correctly, whereas a machine will be unable to do so. 
By bit-encoding the login challenge, zombies will be 
foiled from gaining access to the web site and 
launching attacks from within valid connections. 
[Specification, page 34, line 20 ff.] 
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Further with respect to claim 1, the Examiner states: 

"These passages of SanB do not teach » limited' service 
in the sense of the claim. Instead, Sans appears to 
imply that the service should be entirely cut off if 
the network is being used as a broadcast amplification 
site. Nevertheless, it was well known in the art to 
have a * limited' service for the motivation of having 
the option to further track the requestor who may not 
request again if the service is entirely cut off." 
[Office Action, page 3.] 

Claim 1 requires that the imposition of limited service 
be conditioned upon an invalid response to a bit encoded 
challenge to a log- in request, and that concept is not 
taught or suggested by Sans. 

Claims 2-10 depend from claim 1, and are similarly 
distinguished. 

However, specifically with respect to claims 3 and 4, 
applicants traverse the Examiner's suggestion that "such 
particular features are well known in the art." The claimed 
"determining from said speed, latency and average queuing 
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network delay a time-out value" relate to concepts which are 
defined in applicant's specification (See reference to 
Silverman 1 and Silverman 2, at page 27, line 21) and which 
applicant asserts are not "well known". Accordingly, the 
Examiner is respectfully requested to withdraw the rejection 
of Claims 3 and 4 under 35 U.S.C. 103(a), and allow Claims 3 
and 4. However, if the Examiner maintains this rejection. 
Applicant respectfully requests that the Examiner provide an 
affidavit attesting to this statement pursuant to 37 CFR 
1.104 (d) (2) . 

With respect to claims 15-27, 30, the Examiner states: 

"...such particular features are well known in the art 
for the purpose of handling information across 
computers and of security." [Office Action, page 4.] 

Applicants traverse. As applicant has previously 
argued, the art cited, and further most surely the art which 
is purported by the Examiner to be well known in the art but 
which the Examiner does not cite, do not teach the claimed 
bit-encoded challenge -response procedure as that is not 
recited in the amended independent claims 15, 26, and 3 0 nor 
the use in a router-based filtering system of signatures 
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derived from discrete speed, streaming speed, and latency of 
connecting devices failing the bit -encoded challenge- 
response procedure. Accordingly, the Examiner is 
respectfully requested to withdraw the rejection of Claims 
15-17 under 35 U.S.C. 103(a), and allow Claims 15-17. 
However, if the Examiner maintains this rejection, Applicant 
respectfully requests that the Examiner provide an affidavit 
attesting to thiB statement pursuant to 37 CFR 1.104(d) (2) . 

With respect to claims 24 and 25. applicants traverse. 
Claim 24 recites creating a template of attack patterns for 
a plurality of types of. network traffic and responsive to 
the attack patterns, determining if a spike in network 
traffic is a DDOS attack. Claim 25, which depends from 
claim 24, adds determining unique speed and latency network 
attachment characteristics of devices attempting to connect 
to said network resource. Applicant argues that it is 
improper to rely on a bare assertion of "well known" (that 
is, upon personal knowledge) under these circumstances. 
Accordingly, the Examiner is respectfully requested to 
withdraw the rejection of Claims 24-25 under 35 U.S.C. 
103(a), and allow Claims 24-25. However, if the Examiner 
maintains this rejection, Applicant respectfully requests 
that the Examiner provide an affidavit attesting to this 
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statement pursuant to 37 CFR 1.104(d) (2) . 

With respect to claim 26 (claim 27 has been canceled) 
these claims are similar to claim 1. Applicants have 
amended claims 1 to focus on the bit -mapped challenge in 
response to a login request. This is a concept which, 
applicant asserts, is not a feature well known in the art. 
Applicant argues that it is improper to rely on a bare 
assertion of "well known" (that is, upon personal knowledge) 
under these circumstances. Accordingly, the Examiner is 
respectfully requested to withdraw the rejection of claim 26 
under 35 U.S.C. 103(a). However, if the Examiner maintains 
this rejection, Applicant respectfully requests that the 
Examiner provide an affidavit attesting to this statement 
pursuant to 37 CFR 1.104(d)(2). 

SUMMARY AND CONCLUSION 

Applicants urge that the above amendment be entered and 
the case passed to issue with claims 1-11, 15-17, 24-26, and 
30-40. 

The Application is believed to be in condition for 
allowance and such action by the Examiner is urged. Should 
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differences remain, however, which do not place one/more of 
the remaining claims in condition for allowance, the 
Examiner is requested to phone the undersigned at the number 
provided below for the purpose of providing constructive 
assistance and suggestions in accordance with M.P,E.P. 
Sections 707.02 (j) and 7 07,03 in order that allowable claims 
can be presented, thereby placing the Application in 
condition for allowance without further proceedings being 
necessary. 

Sincerely, 

Robert M. Silverman 
By 



Shelle/7 P<~Beckstrand 
Reg. KTO. 24,886 

Date: 1 Mar 2006 

Shelley M Beckstrand 
Patent Attorney 
61 Glenmont Road 
Woodlawn, VA 24381-1341 

Phone: (276) 238-1972 

Fax: (276) 238-1545 
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